Date: Tue, 09 Jul 1996 23:20:55 +0100 From: "Gary Palmer" <gpalmer@FreeBSD.ORG> To: cschuber@orca.gov.bc.ca Cc: freebsd-security@FreeBSD.ORG Subject: Re: CERT Advisory CA-96.13 - Vulnerability in the dip program Message-ID: <29141.836950855@palmer.demon.co.uk> In-Reply-To: Your message of "Tue, 09 Jul 1996 14:34:14 PDT." <199607092134.OAA16884@passer.osg.gov.bc.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Cy Schubert - ITSD Open Systems Group wrote in message ID <199607092134.OAA16884@passer.osg.gov.bc.ca>: > I believe that the dip program used under FreeBSD is the same program as > described below. We're probably vulnerable. Apparently not. We don't have `dip' in our base system (we use `tip' and `cu', the more traditional (if they could be called that) interfaces. The `dip' port isn't based on the linux one, and from the package that was on the 2.1.0-RELEASE CDROM: -r-xr-xr-x bin/bin 36864 Oct 7 00:33 1995 sbin/dip -r-xr-xr-x bin/bin 0 Oct 7 00:33 1995 sbin/diplogin link to sbin/dip ^ ^ Note the distinct lack of SUID bits ... Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?29141.836950855>